Adobe Reader Blog
Stay up-to-date on Adobe Reader…

Author Archive

May 14, 2013

Adobe Reader and Acrobat XI (11.0.03), X (10.1.7) and 9.5.5

Today, we announced the availability of Adobe Reader and Acrobat XI (11.0.03), X (10.1.7) and 9.5.5. For more information regarding the security details in these releases, please see Security Bulletin APSB13-15. For detailed Release Notes, please see the Enterprise Toolkit.

Adobe Reader and Acrobat 9 EOL
As a reminder, Adobe Reader and Acrobat 9 End-of-Life will occur next month. As stated in the Adobe Support Lifecycle Policy, Adobe provides five years of product support from the general availability date of Adobe Reader and Adobe Acrobat. In line with that policy, support for Adobe Reader 9.x and Adobe Acrobat 9.x will end on June 26, 2013.

End of Support
End of Support means that Adobe will no longer provide technical support or distribute runtimes, including product and/or security updates, for all derivatives of a product or product version (e.g. localized versions, minor upgrades, operating systems, dot and double-dot releases, and connector products).

Recommendation to Customers/Users
Adobe strongly recommends that customers update to the latest versions of Adobe Reader at: http://get.adobe.com/reader. By updating installations to the latest versions, customers benefit from the latest functional enhancements and improved security measures.

Additional Resources
For more information on the Adobe Support Lifecycle Policy, visit: http://www.adobe.com/support/products/enterprise/eol. For a complete list of Adobe products and technical support periods covered under the policy, visit: http://www.adobe.com/support/products/enterprise/eol/eol_matrix.html.

Steve Gottwals, Group Product Manager, Adobe Reader

Bookmark and Share
3:47 PM Permalink
February 20, 2013

Adobe Reader and Acrobat XI (11.0.02), X (10.1.6) and 9.5.4

Today, we announced the availability of Adobe Reader and Acrobat XI (11.0.02), X (10.1.6) and 9.5.4. For more information regarding the security details in these releases, please see Security Bulletin APSB13-07. For detailed Release Notes, please see the Enterprise Toolkit.

Steve Gottwals, Group Product Manager, Adobe Reader

Bookmark and Share
6:23 PM Permalink
January 8, 2013

Adobe Reader and Acrobat XI (11.0.01), X (10.1.5) and 9.5.3

Today, we announced the availability of Adobe Reader and Acrobat XI (11.0.01), X (10.1.5) and 9.5.3. For more information regarding the security details in these releases, please see Security Bulletin APSB13-02. For detailed Release Notes, please see the Enterprise Toolkit.

Adobe Reader XI Deployment Kit for App-V
With the 11.0.01 update, we’ve also released two tools to help virtualize Adobe Reader on Microsoft App-V. The tools include a Package Accelerator and an App-V Reader MSI, which installs a few DLLs and registry entries to support shell extensions, browser integration, and PDF ownership. The tools work with Reader 11.0.01 and App-V 4.6. See the App-V Deployment section of the Enterprise Administration Guide for more information.

New Updater Mode Added to Acrobat XI for Windows
Just like the Adobe Reader updater, the Adobe Acrobat XI for Windows updater now has a fully-automated mode. As a reminder, “fully-automated” mode will regularly check for important updates, download them to your machine, and install them automatically. When finished, you will be alerted via a small message in the system tray that your software has been updated. This method is the recommended best practice for keeping Adobe Acrobat up-to-date and more secure given the fact that it does not require user intervention.

Handling Flash in 10.1.5
As mentioned in Three Common Adobe Reader and Acrobat Security Questions, unknown Flash will now be rendered by the system Flash Player (NPAPI version), when using Adobe Reader and Acrobat 10.1.5. Note: This has already been done for Reader and Acrobat 11. As stated before, this means that Adobe Reader/Acrobat users will no longer have to update Adobe Reader/Acrobat each time we update the Flash Player. This is particularly beneficial to customers in managed environments, because fewer updates means a lower cost of ownership, while maintaining a vigilant security posture.

Adobe Reader and Acrobat 9 EOL
Please note, as stated in Adobe Reader and Acrobat 9 EOL, support for Adobe Reader 9.x and Adobe Acrobat 9.x will end on June 26, 2013.

Steve Gottwals, Group Product Manager, Adobe Reader

Bookmark and Share
6:13 PM Permalink
October 15, 2012

Adobe Reader XI Now Available!

Adobe Reader XI is now available! Download Reader XI today at http://get.adobe.com/reader. With over one billion downloads, Adobe Reader continues its leadership as the global standard in PDF viewing and interaction.

New Functionality
Adobe Reader XI provides full commenting capabilities, including text, stamps, file attachments and audio recordings, as well as drawing markups, like lines, arrows, shapes and free-form annotations. Do you have a PDF form that needs attention? Well, Reader is now able to fill, sign, save and send your forms without requiring printing and mailing. And, of course, you can do this on the most recent and popular operating systems, OS X Mountain Lion and Windows 8, which includes our new “touch-mode” for an optimal tablet experience.

Mobile and the Cloud
Wherever you are, save your PDFs to Acrobat.com for access from anywhere, including your mobile devices via Adobe Reader for Android and iOS. Also, leverage Adobe Reader XI’s integration with our cloud services, including creating PDF, exporting PDF files to Word and Excel, or sending your documents for signatures and full tracking via Adobe EchoSign.

Security
We really moved the needle with Protected Mode in Adobe Reader X. Now, we’ve enhanced Protected Mode in Adobe Reader XI to include data theft prevention capabilities. We’ve even added a new Protected View, which implements a separate desktop and winstation for the UI, providing an additional layer of defense. For high-risk environments, we’ve added the PDF Whitelisting Framework, which allows the selective enablement of JavaScript for both Windows and Mac OS, including support for certified documents. And, in the area of content security, we’ve expanded our support to elliptic curve cryptography.

Enterprise Deployment
We spent a lot of time with our Citrix XenApp support, and especially focused on performance, which is key when accessing Adobe Reader XI from your tablet devices. Also, if you’re rolling out application streaming, we’re now supporting Microsoft App-V, including a Package Accelerator. Need a GPO template? We’ve added that to this release too! And, of course, we continue to enhance our support for Microsoft SCCM/SCUP, Apple Remote Desktop and have even added a Configuration Wizard for the Mac. For all your enterprise questions, checkout our new Enterprise Toolkit.

As always your feedback and comments are critical to our success. Please continue to provide us with your feedback via the Adobe Reader user forums.

To learn more about the new Adobe Reader XI please visit our home page at www.adobe.com/products/reader.html. Follow Reader XI news on Twitter @Adobe_Reader.

Steve Gottwals, Group Product Manager, Adobe Reader

Bookmark and Share
12:08 PM Permalink
October 1, 2012

Announcing Adobe Reader XI

Today, Adobe is announcing our next generation Acrobat XI software with new cloud services. Products included in this release are: Acrobat XI Pro, Acrobat XI Standard, Adobe Reader XI and newly integrated documents services, Adobe FormsCentral and Adobe EchoSign.

Adobe Reader XI, our most powerful Reader yet, includes many new and enhanced capabilities:

  • Productivity
    • Full commenting features, including text, stamps, file attachments and audio recordings, as well as drawing markups, like lines, arrows, shapes and free-form annotations
    • Fill, sign, save and send your forms – and save the planet while you’re at it!
    • Store files on Acrobat.com for access from multiple devices
    • Support for OS X Mountain Lion and Windows 8 with new “touch-mode” for optimal tablet interaction
    • Create PDF or Export PDF files to Word and Excel online
  • Security
    • Enhanced Protected Mode now includes data theft prevention capabilities
    • New Protected View implements a separate desktop and winstation for the UI, which provides an additional layer of defense
    • PDF Whitelisting Framework allows selective enablement of JavaScript for both Windows and Mac OS
    • Elliptic Curve Cryptography support for digital signatures
  • Enterprise Deployment
    • Citrix XenApp enhancements for better performance
    • New App-V support, including a Package Accelerator
    • GPO Template for the most common enterprise settings
    • Enhanced support for Microsoft SCCM/SCUP and Apple Remote Desktop
    • Configuration Wizard for the Mac

Stay tuned for an announcement about where you can download Reader XI soon!

Steve Gottwals, Group Product Manager, Adobe Reader

Bookmark and Share
4:15 PM Permalink
September 18, 2012

Adobe Approved Trust List (AATL) Update – September, 2012

The Adobe Approved Trust List is a program that allows millions of users around the world to create digital signatures that are trusted whenever the signed document is opened in Adobe Reader or Acrobat software. Essentially, both Reader and Acrobat have been programmed to reach out to a web page to periodically download a list of trusted “root” digital certificates. Any digital signature created with a credential that can trace a relationship (“chain”) back to the high-assurance, trustworthy certificates on this list is trusted by Acrobat and Reader.

We just added several new members to the program! For a full list, or to try a sample document, visit: Adobe Approved Trust List Members. So, if you’re interested in obtaining an AATL-enabled certificate, contact one of the members. Or, if you’re interested in being a member of the AATL, you can send an email here.

Steve Gottwals, Group Product Manager, Adobe Reader

Bookmark and Share
11:02 PM Permalink
August 14, 2012

Adobe Reader and Acrobat X (10.1.4) and 9.5.2

Today, we announced the availability of Adobe Reader and Acrobat X (10.1.4) and 9.5.2. For more information regarding the security details in these releases, please see Security Bulletin APSB12-16. For detailed Release Notes, please see the Release Notes Library.

Steve Gottwals, Group Product Manager

Bookmark and Share
6:21 PM Permalink
July 20, 2012

Three Common Adobe Reader and Acrobat Security Questions

I get a lot of great questions regarding Adobe Reader and Acrobat security. Recently, a few have been asked more frequently than others. So, I thought I’d share those with you.

Q: What is the Adobe Reader and Acrobat update schedule?

About three years ago, we moved to a quarterly update schedule for Adobe Reader and Acrobat. It was part of a major initiative to strengthen the security of our products. At the time, three-month update cycles seemed like the right cadence given the threat environment and the pace we were adding new mitigation capabilities into the products. Fast-forward three years, and technologies like Protected Mode in Adobe Reader and Protected View in Acrobat (sandboxes) have provided effective layers of defense, reducing the need for the ongoing quarterly cadence.

So, recently we announced a closer alignment with the Microsoft Patch Tuesday model. Instead of delivering updates on a quarterly schedule, we will provide Adobe Reader and Acrobat updates on the second Tuesday of any given month as needed throughout the year to best address customer requirements and keep all of our users safe. We will also continue to publish a prenotification on the Adobe Product Security Incident Response Team blog three business days before we release a security update, and we will continue to be flexible and respond “out-of-cycle” to urgent needs, such as a zero-day attack.

Q: How is Flash content being handled in Adobe Reader and Acrobat?

Starting with Adobe Reader and Acrobat 9.5.1, we have classified Flash content into two categories, “known” and “unknown.” Known Flash content has been authored by Adobe and ships with the product. For instance, Portfolio Navigators and user interface elements are classified as known Flash content. Unknown Flash content has been authored outside of Adobe and does not ship with the product. For example, Custom Portfolio Navigators and Flash content embedded into PDFs are considered unknown. With this classification scheme, we are able to selectively render Flash content with different Flash Players. In 9.5.1 and later, we render known Flash content with an internal component embedded inside of Adobe Reader and Acrobat, and let the system Flash Player (NPAPI version) render the unknown content.

Since an attack would leverage unknown, as opposed to known, Flash content, this means that Adobe Reader/Acrobat 9.x users will no longer have to update Adobe Reader/Acrobat each time we update the Flash Player. This is particularly beneficial to customers in managed environments, because fewer updates means a lower cost of ownership, while maintaining a vigilant security posture. Keeping in mind that there is no silver bullet when it comes to security, we do follow a defense-in-depth security strategy. Therefore, even though we run all Flash content inside the sandbox in Adobe Reader and Acrobat X, where we’ve had great success thwarting attacks, we’ll still implement this new handling of Flash content into those products in the future. We’ll let you know when that happens.

Q: Can you explain the new security ratings?

In the past, security ratings were based on the worst-case scenario of a vulnerability without taking into account the presence or likelihood of an exploit. For a bit of background, a vulnerability is a code defect that can potentially be leveraged by an exploit to attack a system. Imagine the exact same code defect in two products. One product has a known exploit, while the other product has extra layers of defense that thwart the exploit from working. If you only consider the vulnerability, the security rating would look the same. But, if you consider the presence (or lack) of a functioning exploit as part of the security rating, you’ll get a different answer, and a better understanding of the threat, which in turn, provides better guidance on how quickly you should deploy the update.

This has happened with the introduction of new security mitigation technologies, like Adobe Reader Protected Mode (sandbox protections), which has made vulnerabilities much more difficult to exploit. Therefore, we’ve taken the degree of difficulty for exploit creation and included it in our new update priority ratings. We feel that this is the best way to clearly communicate real-world risk associated with the vulnerabilities addressed in any given security update.

Steve Gottwals
Group Product Manager
Adobe Acrobat Solutions Security

Bookmark and Share
7:38 PM Permalink
June 8, 2012

One Year from Now: Adobe Reader and Acrobat 9 EOL

For our customers who need longer lead times when transitioning from older versions of our software, this blog post is an early reminder that the Adobe Reader and Acrobat 9 End-of-Life will occur next year.

As stated in the Adobe Support Lifecycle Policy, Adobe provides five years of product support from the general availability date of Adobe Reader and Adobe Acrobat. In line with that policy, support for Adobe Reader 9.x and Adobe Acrobat 9.x will end on June 26, 2013.

End of Support
End of Support means that Adobe will no longer provide technical support or distribute runtimes, including product and/or security updates, for all derivatives of a product or product version (e.g. localized versions, minor upgrades, operating systems, dot and double-dot releases, and connector products).

Recommendation to Customers/Users
Adobe strongly recommends that customers update to the latest versions of Adobe Reader at: http://get.adobe.com/reader. By updating installations to the latest versions, customers benefit from the latest functional enhancements and improved security measures.

Additional Resources
For more information on the Adobe Support Lifecycle Policy, visit: http://www.adobe.com/support/products/enterprise/eol. For a complete list of Adobe products and technical support periods covered under the policy, visit: http://www.adobe.com/support/products/enterprise/eol/eol_matrix.html.

Steve Gottwals, Group Product Manager, Adobe Reader

Bookmark and Share
8:37 PM Permalink
June 4, 2012

Adobe Approved Trust List (AATL) Update – June 4, 2012

The Adobe Approved Trust List is a program that allows millions of users around the world to create digital signatures that are trusted whenever the signed document is opened in Adobe Reader or Acrobat software. Essentially, both Reader and Acrobat have been programmed to reach out to a web page to periodically download a list of trusted “root” digital certificates. Any digital signature created with a credential that can trace a relationship (“chain”) back to the high-assurance, trustworthy certificates on this list is trusted by Acrobat and Reader.

We just added three new members to the program! For a full list, or to try a sample document, visit: Adobe Approved Trust List Members. So, if you’re interested in obtaining an AATL-enabled certificate, contact one of the members. Or, if you’re interested in being a member of the AATL, you can send an email here.

Steve Gottwals, Group Product Manager, Adobe Reader

Bookmark and Share
8:40 PM Permalink